FBI Warning: Scammers Are Using Deepfakes To Apply For Remote Tech Jobs


Image: Dzelat/Shutterstock

According to the FBI, scammers or criminals use deepfakes and stolen personally identifiable information during online interviews for outside positions.

The use of deepfakes or synthetic audio, image and video content created with AI or machine learning technologies has been on the radar as a potential phishing threat for several years now.

The The FBI’s Internet Crime Complaint Center (IC3) now says: it has seen an increase in complaints about using deepfakes and stolen personally identifiable information to apply for remote jobs, mostly in technology.

TO SEE: Phishing gang that stole millions by luring victims to fake banking websites is broken up by police

With some offices asking staff to return to work, there is one job category where a strong pressure to continue working remotely is in information technology

Reports to IC3 mainly related to remote job openings in information technology, programming, databases and software-related functions.

The FBI emphasizes the risk to an organization of hiring a fraudulent job applicant, noting that “some of the positions reported include access to customer PII, financial records, corporate IT databases and/or proprietary information.”

According to the FBI, the cases reported to IC3 concern the use of voice deepfakes during online interviews with potential applicants. But it also notes that victims have noticed visual inconsistencies.

“In these interviews, the actions and lip movements of the person being interviewed on camera do not fully match the audio of the person speaking. Sometimes actions such as coughing, sneezing or other auditory actions are not aligned with what is being heard. said. presented visually,” according to the FBI.

Complaints to IC3 have also described the use of stolen PII to request these remote positions.

“Victims have reported the use of their identities and background checks have revealed that the PII provided by some job applicants belonged to another person,” the FBI said.

The FBI warned in March 2021 malicious actors would almost certainly use deepfakes for cyber and foreign influence operations in the next 12 to 18 months.

It predicted that synthetic content could be used as an extension of spearphishing and social engineering. It was concerned that fraudsters behind Business Email Compromise (BEC) — the most expensive form of fraud today — would turn into a corporate identity compromise, with fraudsters creating synthetic corporate characters or sophisticated emulation of an existing employee.

The FBI also noted that visual indicators such as distortions and inconsistencies in images and video can betray synthetic content. Visual inconsistencies typically presented in synthetic video include head and trunk movements and synchronization issues between facial and lip movements and accompanying audio.

Fraudulent attacks on hiring processes are not a new threat, but using deepfakes for the job is new. The United States Department of State, the United States Department of the Treasury, and the Federal Bureau of Investigation (FBI) warned in May US organizations should not accidentally hire North Korean IT staff.

These contractors typically weren’t hacking directly, but used their access as outsourced developers within US and European companies to facilitate the country’s hacking activities, the agencies warned.

Leave a Comment

Your email address will not be published. Required fields are marked *